With so many threat researchers ringing the warning bell over this one issue, it’s no wonder Apple took quick action to remove the contentious flaw. Historically, Apple has always been a big proponent of privacy and security.
Mac os firewall sapps update#
The Hacker News shared that “Wardle demonstrated an instance of how malicious apps could exploit this firewall bypass to transmit data to an attacker-controlled server using a simple Python script that latched the traffic onto an Apple exempted app despite setting LuLu and Little Snitch to block all outgoing connections on a Mac running Big Sur.” How Has Apple Responded?Īlthough Apple has declined to respond to either Threatpost or The Hacker News, nor have they made a public comment about the issue, they did remove the feature in the latest update to Big Sur version 11.2 beta 2. Principal researcher with Jamf Patrick Wardle tweeted last week, “After lots of bad press and lots of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security conscious) minds at Cupertino prevailed.” Using a piggybacking methodology, hackers could easily exploit this feature if left in play. The reparation of this vulnerability means that now even third-party firewalls can block all incoming traffic from unknown connections. NEFilterDataProvider is a simple network content filter, which is used by third-party application firewalls (such as host-based macOS application firewall Little Snitch) and VPNs to filter data traffic flow on an app-by-app basis.īecause these apps bypassed NEFilterDataProvider, the service could not monitor them to see how much data they were transferring or which IP addresses they were communicating with – and ultimately could not block them if something was amiss.”Ĭybersecurity professionals explain that threat actors could bypass the firewall by generating network traffic abusing these “excused” items. “Researchers found these apps were excluded from being controlled by Apple’s NEFilterDataProvider feature. Threatpost explained how the feature worked. Critics complained loudly about the problem, and concerns about exposing user data forced Apple to remove the feature in its latest update. The issue was discovered In November 2020 when a beta version of Big Sur was tested. According to The Hacker News, its “software update service that was routed through Network Extension Framework, effectively circumventing firewall protections.”Īs of macOS 11.2 beta 2, this feature has been removed from the Big Sur operating system.
The actual feature is called “ ContentFilterExclusionList,” and worked with 50 apps including Apple Maps, Music, HomeKit, FaceTime, iCloud, and the App Store. The controversial feature allowed only Apple’s first-party apps to bypass content filters, VPNs, and third-party firewalls. However, recently Apple removed a feature from Big Sur (the latest version of macOS) that allowed apps to bypass the firewall.
The Apple ecosystem (macOS, iOS, WatchOS, and iPadOS) is known to be very robust and resistant to outside threats.
0 kommentar(er)
